Some additional checks related to secure version of the application in
anti-rollback case have been added to avoid any attempts to boot lower
security version but valid application (e.g., passive partition image).
- Read secure_version under sha256 protection
- First check has been added in the bootloader to ensure correct secure
version after application verification and loading stage. This check
happens before setting up the flash cache mapping and handling over
the final control to application. This check ensures that application
was not swapped (e.g., to lower security version but valid image) just
before the load stage in bootloader.
- Second check has been added in the application startup code to ensure
that currently booting app has higher security version than the one
programmed in the eFuse for anti-rollback scenario. This will ensure
that only the legit application boots-up on the device for
anti-rollback case.
esp_efuse_utility_load_efuses_from_flash() read emul_efuse
as an encrypted partition, but that is not correct,
this partition was never encrypted.
Need to read it as not encrypted partition.
Fxed the case: If FE is already on then EFUSE VIRT mode can work with it.
Closes https://github.com/espressif/esp-idf/issues/10929
User's custom data are not taken into account during the CRC calculation anymore.
Which means taht the retained mem structure is not systematically erased
on each reboot anymore.
Currently, we pull up cs io for spi flash/ram to reduce current leakage during
light sleep. But some kind of spi flash/ram chip need all io pull up. Otherwise,
current leakage will still exist.
ESP32-S2 and ESP32-S3
supports up to 1 GB of external flash and RAM
add support for
- 32MB
- 64MB
- 128MB ( example NOR spiFLASH 1G-BIT W25Q01JVZEIQ Winbond 0xEF 0x40 0x21 )
Merges https://github.com/espressif/esp-idf/pull/7688
Signed-off-by: Ivan Grokhotkov <ivan@espressif.com>
- Add to docs & config descriptions
- Change to a "choice" to become self-documenting
- Keep the bootloader_common_check_long_hold_gpio() function for compatibility
Updates the following with changes from verification branches:
* esp_rom linker files
* rtc_cntl and system reg and struct headers
Also updates:
* GDMA driver with new register layout
* esptool submodule commit
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
As this mode uses the public keys attached to the existing app's signatures to
verify the next app, checking that a signature block is found on boot prevents
the possibility of deploying a non-updatable device from the factory.
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits
- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
Sometimes the flash size read from bootloader is not correct. This may
forbid SPI Flash driver from reading the the area larger than the size
in bootloader header.
When the new config option is enabled, the latest configured
ESPTOOLPY_FLAHSIZE in the app header will be used to override the value
read from bootloader header.
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-O2 without any config changes.
Custom WP pins (needed for fully custom circuit boards) should still be compatible.
Goal is that multiple faults would be required to bypass a boot-time signature check.
- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32
Add some additional checks for invalid sections:
- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
